GRCPerfect
Enterprise Project Governance, Risk and Compliance Solution
High Level Feature Description Document
Version: 6.0
Adaptive Processes Consulting Private Limited
Experience World Class Processes!
ISO 9001:2008 Certified
#51, 3rd Cross, Church Street,
6th Block Annex, Koramangala
Bangalore – 560095
e-mail: [email protected]
www.AdaptiveProcesses.com
This document is the property of and proprietary to Adaptive Processes. Contents of this document should not be
disclosed to any unauthorized person. This document may not, in whole or in part, be reduced, reproduced, stored in a
retrieval system, translated, or transmitted in any form or by any means, electronic or mechanical.
GRCPerfect Feature Description Document
Adaptive and Partner Confidential Version 6.0 Page 2 of 26
Table of Contents
1 Introduction to GRCPerfect
2 Key features of GRCPerfect
3 GRCPerfect Functional Architecture
4 Sample Workflows in GRCPerfect
5 Model Mapping – CMMI and ISO 9001
6 Model Mapping – ISO 27001
7 List of Modules for Governance Management System
8 Modules for Quality Management
9 Modules for Information Security Management
10 Adaptive Management System
11 Employee Services Module
12 Detailed Features for Time Tracking System
13 Infrastructure Requirements (For Client Hosted Model)
14 About Adaptive Process Consulting
1 Introduction to GRCPerfect
GRCPerfect is an Enterprise Governance, Risk, and Compliance Management System. It is designed to help
companies implement Governance, Quality, and Information Security Management Systems in an integrated
manner. It is extremely user-friendly, simple, easy to maintain yet very effective. It has pre-built processes for
CMMI 5, ISO 27001, ISO 20000 and ISO 9001. It is a complete data management system for CMMI, ISO 9001, and
ISO 27001.
Key benefits of deploying GRCPerfect are
Minimum 50% effort reduction in deploying GRC frameworks in the organization
Unified tool to implement best practices from multiple-world class frameworks such as ISO (9001, 27001,
20000, 14000, 18000), CMMI, ITIL, Business
Senior Management and client visibility into Organizational, Account and Project level performance parameters
Improved data and metrics integrity, thus helping in better decision making
Significant help in ongoing process sustenance beyond audit and assessment
Complete automation of project management artifacts and reporting – significant savings on management effort
2 Key features of GRCPerfect
Complete Program and Project Planning and Tracking supporting CMMI, ISO 9001, ISO 27001 and Agile
Schedule, Defect, Effort, Risk, Issue, Change Requests, Quantitative Process Management, Sub-Process
Metrics and other 40+ data capture needed by CMMI, ISO 9001 and ISO 27001
Supports workflow for approvals in Time Sheet, Requests
Supports flexible organizational hierarchy
Complete role-based permissions for data confidentiality and integrity
Multi level view – From Organization to Account to Project
Status and Metrics reports generated automatically from the system
Built on industry standard Microsoft SQL Server and .Net
Completely web-enabled and does not require any installation on user machines
Light-weight interface making it suitable to work on internet
Compliance management includes audit planning, tracking and reporting
Best practices drawn from internationally renowned organizations
Substantially reduced time and effort in model adoption and implementation
Enables complete context and role based view of policies and processes
Configurable to company’s requirements
Available to the Client as an Open-Code option which enables Client to obtain the source code of the product
3 GRCPerfect Functional Architecture
Project Governance Key Modules
IT Risk Key Modules
Compliance Management Key Modules
4 Sample Workflows in GRCPerfect
5 Model Mapping – CMMI and ISO 9001
Legend
Fully Supported
Partially supported
Not supported
Not a data requirement
| Model requirement | GRCPerfect module | Process compliance | Data compliance |
|---|---|---|---|
| Project planning | Schedule | | |
| Project monitoring and control | Executive dash board + reports | | |
| Configuration management | Not supported | | |
| Process and product quality assurance | Audit management | | |
| Measurement and analysis | Schedule, defect, risk + reports | | |
| Supplier management | Vendor master | | |
| Requirements management | Change request management | | |
| Requirements development | Product backlog; Traceability matrix | | |
| Technical solution | Engineering output | | |
| Product integration | Engineering output | | |
| Verification | Review, test case management | | |
| Validation | Test case management | | |
| Decision analysis and resolution (DAR) | Pugh matrix (DAR) module | | |
| Integrated project mgmt | Minutes of meeting; Action item tracking | | |
| Risk management | Risk | | |
| Organizational process definition | Process asset library | | |
| Organizational process focus | Not a data requirement | | |
| Organizational training | Training management | | |
| Organizational process performance | All data management modules | | |
| Quantitative project management | Sub-process metric | | |
| Causal analysis and resolution | Root cause analysis | | |
| Organizational innovation and deployment | Continual improvement request; Project life cycles | | |
6 Model Mapping – ISO 27001
| Model requirement | GRCPerfect module | Process compliance | Data compliance |
|---|---|---|---|
| Establishing and managing the ISMS | No data requirement | | |
| Documentation requirements | No data requirement | | |
| Management commitment | Management review meeting; Skill gap analysis; Training management | | |
| Resource management | Capacity planning | | |
| Internal ISMS audits | Audit management | | |
| Management review of the ISMS | Management review | | |
| ISMS improvement | Continual improvement | | |
| Security policy | No data requirement | | |
| Security organizations | No data requirement | | |
| Asset classification and control | Asset master | | |
| Personnel security | Training compliance | | |
| Physical and environmental security | Visitor management | | |
| Communications and operations management | IT checklists | | |
| Access control | Access control matrix | | |
| Systems development and maintenance | Security review checklist | | |
| Security incident management | Incident tracker | | |
| Business continuity management | Business impact analysis; Supplier contacts; Employee contacts | | |
| Compliance | Audit management | | |
7 List of Modules for Governance Management System
| # | Module Name | Key Features |
|---|---|---|
| 1 | Project Overview | Captures project characteristics, project stakeholders and objectives; Helps understand risks, issues and defects at organization level wrt project characteristics |
| 3 | Schedule Management | Define custom project life cycles; Allows auto-creation of Work Breakdown Structure; Schedule import from MS-Project; Integrated reviews checklist and creation of defects; Schedule allocation notification; Integrated test cases and creation of defects; Integration with Defects, Issues, Change Requests Module; Integrated with time sheet for effort capture |
| 3 | Scope Management | Supports Function Point, Use Case Point and Complexity based estimation; Supports approval mechanism; Module and Phase-wise distribution; Size variance analysis; Integration with Schedule (Planned) |
| 4 | Defect Management | Enables orthogonal classification of defects; Capture of defect history; Defect Allocation notification; Can be imported through Excel; Integration with schedule and time sheet; Supports orthogonal classifications |
| 5 | Risk Management | Captures Risk History with Mitigation and Contingency Plan; Computation of Risk Prioritization Number; Risk Allocation notification; Integration with schedule; Integration with Org. Risk Management Module |
| 6 | Issues/Action Items | Captures Issues / Action Item Details; Issue/Action Item Allocation notification; Integration with schedule |
| 7 | Change Management | Captures Change Requests Details; Integration with schedule |
| 8 | Time Sheet | Weekly Time Sheet; Integration with schedule for planned tasks; Provision to capture un-planned tasks; Time sheet approval; Ability to capture data from two different perspectives – Metrics and Billing |
| 9 | Skill Gap | Conduct skill-gap analysis for project team members |
| 10 | Minutes of Meeting | Captures meeting agenda, decisions taken; Integration with Action Item Tracking |
| 11 | CM Plan | Define Configuration Items; Define Folder Access, Baselines, CCB |
| 12 | SLA Management | Define Service Level Agreements; Track Service Level Performance |
| 13 | Quantitative Process Management | Define Project Metrics; Milestone-wise metrics data capture |
| 14 | Sub-Process Metrics | Set Statistical Process Control Limits; Verify if measures fall within control limits |
| 15 | Decision Analysis and Resolution | Creation of multiple decision analysis templates; Decision making using Pugh Matrix |
| 16 | Management Dashboards | Define various score-cards; Can be viewed from Organization level |
| | Bid Management | Evaluate proposals; Track proposal status |
| 17 | Reports | More than 50 standard reports; Dashboards for Schedule, Risk, Defects and Issues; Defect Trend; Risk Trend; Weekly and Monthly Status Reports; Audit Findings Summary etc. |
8 Modules for Quality Management
| # | Module Name | Key Features |
|---|---|---|
| 1 | Employee Data Management | Employee Education, Skill, Competency mapping; Skill gap analysis based on organizational roles and skill matrix |
| 2 | Audit Management | Audits Planning and Tracking of Internal Auditors; Audit Reporting and Tracking; Non-conformity analysis wrt internal policies and processes and also the standards |
| 3 | Training Management | Training Plan, Training Attendance and Feedback capturing |
| 4 | Management Review Meetings | Auto-generation of Management Review Agenda as per ISO 9001 and ISO 27001; Action Item Tracking |
| 5 | Vendor Management | Vendor Master including Vendor Evaluation |
| 6 | Appraisal | Employee Appraisal Management |
| 7 | Root Cause Analysis | Capture Root Cause Analysis |
| 8 | Org. Process Repository | Captures qualitative data on organizational process performance |
| 9 | Continual Improvement Request | Capture Process Change Requests |
| 10 | ISMS Quiz Management | Plan and track results of ISMS Trainings |
| 11 | CSAT Survey | Plan and capture data for Customer Surveys |
| 12 | PIID | Pre-built Process Implementation Indicator Database for CMMI Assessment |
9 Modules for Information Security Management
| # | Module Name | Key Features |
|---|---|---|
| 1 | Asset Management | Asset Master including Allocation, Movement and Component tracking; Asset Service Records |
| 2 | Risk Management | Threat and Vulnerability analysis; Automated Risk Analysis and Treatment Plan |
| 3 | Impact Analysis | Business Impact Analysis |
| 4 | Statement of Applicability | Definition of controls as per ISO 27001 |
| 5 | Access Control Matrix | Defining various permissions for information assets |
| 6 | Capacity Planner | Define Capacity Requirements and Availability |
| 7 | Incident Management | Incident Tracking; Allocation of Incidents |
| 8 | Material Movement | Material Movement Tracker |
| 9 | Visitor Management | Visitor Tracker |
| 10 | Critical Contacts | Critical Contact Management |
| 11 | Audit Management | Audit Planning and Audit Reporting |
| 12 | Management Review Meetings | Auto-generation of Management Review Agenda as per ISO 27001; Action Item Tracking |
| 13 | Training Management | Plan and tracking of QMS / ISMS Trainings |
| 14 | QMS / ISMS Quiz Management | Plan and track results of QMS / ISMS Trainings |
| 15 | Root Cause Analysis | Capture Root Cause Analysis |
10 Adaptive Management System
| # | Module Name | Key Features |
|---|---|---|
| 1 | Software life-cycles | 8 comprehensive software life-cycles – Agile, Waterfall, Maintenance, Support, Reengineering, Porting, Package Implementation and Testing |
| 2 | Processes | 50+ comprehensive processes and procedures for Delivery, HR, IT and other functions |
| 3 | Process Artifacts | 500+ standardized process artifacts for CMMI, ISO 27001 and ISO 9001 |
| 4 | eLearning | Contains eLearning on CMMI, ISO 27001, ISO 9001, Internal Audit, Configuration Management and Agile |
| 5 | Model Support | Complete support to CMMI, ISO 27001, and ISO 9001. Will be upgraded soon for ISO 20000 and COBIT. |
11 Employee Services Module
| # | Module Name | Key Features |
|---|---|---|
| 1 | Employee Directory | Can see company employee information |
| 2 | Leave | Apply leave |
| 3 | Request Tracking | Request for any service |
| 4 | Improvement Request | Suggest improvements |
| 5 | Incident Tracking | Report incidents |
| 6 | Attendance | Attendance system integration |
12 Detailed Features for Time Tracking System
| # | Module Name | Key Features |
|---|---|---|
| 1 | Seamless integration schedule module | Tasks planned for an employee is reflected in time sheet; Actual effort, Effort required to complete (ETC) and % task completion entered in Time Sheet gets reflected back in schedule. Benefits: Project manager gets to see effort planned against effort consumed and effort needed to complete the task and can re-plan accordingly |
| 2 | Multiple attributes captured for effort analysis | Effort captured against Activity Code, Sub-Activity codes and Billable codes; Activity codes restricted by person’s primary function (Delivery, HR and IT etc.); Sub-activity codes restricted by activity code. Benefits: Project manager gets to see effort planned against effort consumed and effort needed to complete the task and can re-plan accordingly. |
| 3 | Email integration | Submission of time sheets triggers email to manager for approval; Approval and rejection emails provided to employee |
| 4 | Built in flexibilities | In case an employee is allocated to multiple projects, they can provide all projects efforts in a single screen; Effort can be captured against project / account / business unit / organization or project only; Approval for Time sheets can be based on billability of the employee – Project Manager for Project members and Function Heads for Support functions |
| 5 | Provision to capture un-planned tasks | Allows capture of unplanned tasks |
| 6 | Multiple approval mechanism | Time sheet can be submitted to Project Manager / Function Manager |
| 7 | Integration with leave system | If an employee has approved leaves, it automatically appears in |
| 8 | Multiple effort capture for metrics and billing | GRCPerfect allows capture of time sheet effort both from metrics angle and billing angle. |
| 9 | Built in validations | Employee cannot enter time for future period; Effort captured per day is maximum 24 hours |
| 10 | Integration with attendance system | Integration with attendance system is planned |
| 10 | Integration with Executive Dashboard | Time sheet effort captured is used for executive dashboard reporting |
| 11 | Reports | Effort capture summary; Effort as per billing codes; Effort as per activity and sub-activity code |
13 Infrastructure Requirements (For Client Hosted Model)
Hardware
Application and Database Server Machine (1 No Required)
Pentium CPU 3.0 GHz
4 GB RAM and 200 GB Disk space
Software
For operating system Windows 2000 / 2003 professional use service pack 2 (SP2).
SQL Server 2008
.Net Framework 4.0 (Freely available on Internet)
Browser
Internet Explorer 8.0+
14 GRCPerfect Support Mechanism
Any defect arising out of Adaptive Product design and development will be serviced free of cost by Adaptive over
the life of the product. Following aspects will be considered as Defects
1. Application not being usable due to design / coding deficiencies
2. Any wrong calculation logic or report
3. Validations which are considered industry accepted practice
Rest will be considered as Change Requests. Defects / Change Requests should be submitted by email to
[email protected]. Defects and Change Requests will be classified as per the definitions provided
below.
15 Definition of Defect Severities and SLA for resolution (in Working Days)
| Severity | Definition | SLA for Response | SLA for Resolution |
|---|---|---|---|
| 1 | Disastrous – system cannot be used without corrective action being taken | 4 Hours | 1 Day |
| 2 | Major – system can be used with major functional restrictions | 1 Day | 1 week |
| 3 | Minor – system can be used with minor functional restrictions | 2 Days | Quarterly Release |
| 4 | Cosmetic – system can be used with full functionality | 2 Days | Quarterly Release |
16 Change Request Implementation
| Priority | Definition | Estimated Effort (Person-Hour) (PH) | SLA for Implementation |
|---|---|---|---|
| 1 | Has legal or revenue implications | < 16 | 1 Week |
| | | 16 to 40 | 2 Weeks |
| | | 40 to 160 | 4 Weeks |
| | | > 160 | Case by case basis |
| 2 | Has implications for organizational audit/assessment/Senior Management reporting | < 16 | 2 Weeks |
| | | 16 to 40 | 4 Weeks |
| | | 40 to 160 | 6 Weeks |
| | | > 160 | Case by case basis |
| 3 | All others | < 16 | 2 Weeks |
| | | 16 to 40 | 6 Weeks |
| | | 40 to 160 | 8 Weeks |
| | | > 160 | Case by case basis |
17 About Adaptive Process Consulting
Adaptive Processes is formed with a view to help organizations establish and improve Quality and Security
processes in a faster, better and simpler way.
We developed the world’s first database-driven Quality and Information Security Management System, for which a
patent has been filed. We are certified to the prestigious international standard ISO 9001:2008 by DNV.
Our core team is formed by alumni from Indian Institutes of Management (IIMs). The Adaptive founding team includes
people with extensive knowledge of the process consulting industry and strong software delivery and consulting
experience.
We are an Endorsed Education Provider (EEP) for International Institute of Business Analysis (IIBA), Canada. We
have multiple Lead Auditors for ISO 9001, ISO 27001, ISO 20000, BS 25999 and Certified Scrum Masters on
board. We have more than 100 person-years of experience with Quality and Project Management.
We are young and agile. More than 80% of our Clients have implemented multiple projects with us.
Proven Capabilities – Adaptive has successfully completed over 20 ISO and CMM projects with cumulative
experience of more than 100 person-years. Adaptive has encapsulated all of its learning and Best Practices into
its proprietary, tried and tested methodologies.
GRCPerfect – Proven product for CMMI Level 3, ISO 9001 and 27001. GRCPerfect is completely web-based,
role permission based system to manage CMMI Level 3 and ISO 27001 activities.
Cost Savings - 50%+ cost reduction over traditional methods of process definition and implementation
Effort Savings - More than 50% effort saving from Client side due to automation of processes and metrics
Time Savings – Minimum 3 months effort savings due to proven toolkits
eLearnings - eLearning products in CMMI, ISO 9001, ISO 27001 and Internal Audit for continuous learning
Ongoing Support - Process Sustenance including complete Quality Process Outsourcing beyond certification
A single vendor solution for multiple frameworks – The complexity of integrating multiple implementation
vendors in any project presents numerous and added challenges and risks. With Adaptive, clients can rest
assured that an end-to-end GRC solution will always be provided under a single umbrella.
Accreditations – Adaptive Processes has been certified against ISO 9001:2008, the international certification
for quality of its products and services.
18 Adaptive Service Portfolio
19 Our Esteemed Clients
20 Our Success Stories
CMMI
Ascendum Systems (Implementing CMMI L3)
Infinite Computers (GRCPerfect Implementation and QMS Definition for CMMI v1.2 Level 5
implementation)
Turning Point (GRCPerfect Implementation and QMS Definition for CMMI v1.2 Level 3 implementation)
AXA Group Solutions (CMMI implementation Support)
Manhattan Associates (CMMI Training)
OTIS Software (CMMI Training and Gap Analysis)
ISO 27001:2005
AccelFrontline (Implementing ISO 27001 and ISO 20001)
Zenith Software - Completed ISO 27001 certification
JuriMatrix (Clutch group) – Completed ISO 27001 certification
People Tech Group – Completed ISO 27001 certification
Proteans – Implementing ISO 27001 and BS 25999
Crossdomain - Implementing ISO 27001
Photon Infotech – ISMS system definition
Metlife – ISO 27001 Pre-certification Audit
Tusker Legal Process Outsourcing - ISMS definition as per ISO 27001
Ness Technologies – ISO 27001 Internal Audit Training and Co-ordination
Management Systems Outsourcing
Bharti-AXA General Insurance
EmPower Research
V2Soft
Ness Technologies
MACH Teledata
ISO 9001:2008
Clutch Group, Leading LPO player in the world
Empower Research, leading KPO organization in India (Completed ISO 9001 implementation)
Ness Technologies India, part of Largest Israeli IT company (ISO 9001 and CMMI implementation)
Vati Consulting, Premier Recruitment Process Outsourcing and HR Consulting Firm (ISO 9001
implementation)
Vana Solutions, High-tech solutions provider (ISO 9001 and CMMI implementation)
INSZoom, World’s Leading Immigration Management Software Products organization
Bang (SQA Support)
ObjectWin (SQA Support)
ITIL
MACH Teledata
OnMobile, leading Mobile Value Added Service Provider
Six-Sigma
Multinational Automated Clearing House (MACH), World Leader in roaming solutions
Internal Audit Services
Metlife Insurance
Textron
Training
Manhattan Associates, World Leader in Supply Chain Management (CMMI Training)
Mafoi Consulting
Triumph Software Services
QMS Reengineering
Ness Technologies
Infinite Computers
21 Sample Client Testimonials
I find it very easy to do business with you. Thank you for the contribution to our system. We have a great and open
working relationship. We really respect your contributions in helping our organization. - Puneet Chaddha, Head-
Delivery, Ness Technologies
Adaptive has been prompt and fast in responding to our requirement, I am extremely happy with their people
competence, and range of service provided. Adaptive would be my obvious choice for any of our process need. I
would recommend this team to my circle. – SK Mishra, Head-Quality, Infinite Computer Solutions
I would like to thank you (LN) and your team on behalf of ZSL management team for helping us in getting the
successful ISMS assessment audit by DNV. I am confident that your APMS tool will help us in minimizing our effort
in managing Information Security. We thoroughly enjoyed working with you and look forward to working together for
our future endeavors. - R Natarajan, Chief Operating Officer, Zenith Software Ltd
Adaptive responded to all our requirements immediately. Their service was very good and satisfying. I appreciate
Adaptive resource commitment and hard work. He was very helpful and always ready to go extra mile to help us
out. – Ruhi Sharma, QA-Director, Arctern Consulting Pvt Ltd
22 Awards and Achievements
ISO 9001:2008 Certified from DNV on the first year of operation
Winner of Most Innovative Company Award from Pan IIT-IIM Alumni Forum
Certified Microsoft BizSpark Partner
Nominated for prestigious Tata NEN Hottest Start-up